This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH, committed] Reset ipa-icf.c:optimizer to NULL when done

After a recent merge of trunk to the jit branch that brought in ipa-icf,
the new pass was segfaulting on the second iteration of an in-process
compile; e.g. with:

test-factorial.exe: internal compiler error: Segmentation fault
0x7f3f20c2301a crash_signal
0x7f3f207e963e bitmap_initialize_stat
0x7f3f207e963e bitmap_obstack_alloc_stat(bitmap_obstack*)
0x7f3f21360acb ipa_icf::sem_item::setup(bitmap_obstack*)
0x7f3f2136099d ipa_icf::sem_item::sem_item(ipa_icf::sem_item_type, symtab_node*, unsigned int, bitmap_obstack*)
0x7f3f21360e41 ipa_icf::sem_function::sem_function(cgraph_node*, unsigned int, bitmap_obstack*)
0x7f3f21363012 ipa_icf::sem_function::parse(cgraph_node*, bitmap_obstack*)
0x7f3f21365911 ipa_icf::sem_item_optimizer::parse_funcs_and_vars()
0x7f3f21367cb5 ipa_icf_generate_summary
0x7f3f20b5eaa4 execute_ipa_summary_passes(ipa_opt_pass_d*)
0x7f3f20826ce8 ipa_passes
0x7f3f2082706a symbol_table::compile()
0x7f3f20827400 symbol_table::finalize_compilation_unit()
0x7f3f207bf73c jit_langhook_write_globals

This turns out to be a use-after-delete: the "optimizer" singleton was
not being reset to NULL after being deleted, so on subsequent in-process
invocations of toplev::main the new instance of the pass_ipa_icf was
using the deleted memory from the previous compile.

The one-liner solution I applied to the jit branch was to simply reset
the ptr to NULL after deleting it to ensure that a fresh
sem_item_optimizer gets built on each in-process compile.

Attached is a version of that jit patch, that I've now committed to

Bootstrapped on x86_64-unknown-linux-gnu (Fedora 20).

Committed to trunk as r216561, since this seems obvious.

A more involved solution might be to eliminate this singleton in favor
of making it instance data of the class pass_ipa_icf, but that would
involved making the IPA hooks be vfuncs, so not doing that for now.

The other new piece of global state in ipa-icf.c is:

  unsigned int sem_item_optimizer::class_id = 0;

Honza, Martin: is there any reason that class_id is static, rather that
being instance data of the sem_item_optimizer instance?  As far as I can
see, it's only ever accessed from sem_item_optimizer methods.  Though
the jit branch's testsuite seems to work OK if I don't bother resetting
it back to 0...

Index: gcc/ChangeLog
--- gcc/ChangeLog	(revision 216560)
+++ gcc/ChangeLog	(revision 216561)
@@ -1,3 +1,7 @@
+2014-10-22  David Malcolm  <>
+	* ipa-icf.c (ipa_icf_driver): Set optimizer to NULL when done.
 2014-10-22  Andrew MacLeod  <>
 	* cfgbuild.h: New.  Add prototypes for cfgbuild.c.
Index: gcc/ipa-icf.c
--- gcc/ipa-icf.c	(revision 216560)
+++ gcc/ipa-icf.c	(revision 216561)
@@ -2320,6 +2320,7 @@
   optimizer->unregister_hooks ();
   delete optimizer;
+  optimizer = NULL;
   return 0;

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]